Thursday February 08, 2018

Cryptojacking attacks are becoming more and more common these days, and now it appears a utility company is the first victim of attacks against critical infrastructure. Security company Radiflow discovered the malware recently and found that it had been running on the network for 3 weeks, totally unknown to the utility. I guess cryptojacking apparently knows no bounds when it comes to critical systems versus non-critical systems, and companies are going to have to be more vigilant against this kind of hijack. I believe critical infrastructure should be more isolated than this, and a user shouldn't be able to open a browser and surf the web on important systems. Hopefully this will be remedied by this particular utility.

At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system.